diff --git a/backport-add-server_hostname-to-SSL_KEYWORDS.patch b/backport-add-server_hostname-to-SSL_KEYWORDS.patch new file mode 100644 index 0000000000000000000000000000000000000000..6d857f7c6f7aabf9fbe8a99fd1085e409805c16b --- /dev/null +++ b/backport-add-server_hostname-to-SSL_KEYWORDS.patch @@ -0,0 +1,25 @@ +From f1d40fd07f7b5d9cf846a18fb5a920b4be07dfc5 Mon Sep 17 00:00:00 2001 +From: Hasan Ramezani +Date: Thu, 20 Jan 2022 15:56:02 +0100 +Subject: [PATCH] [1.26] Add server_hostname to SSL_KEYWORDS + +Conflict:no add testcode +Reference:https://github.com/urllib3/urllib3/commit/f1d40fd07f7b5d9cf846a18fb5a920b4be07dfc5 +--- + src/urllib3/poolmanager.py | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/urllib3/poolmanager.py b/src/urllib3/poolmanager.py +index 3a31a28..ca4ec34 100644 +--- a/src/urllib3/poolmanager.py ++++ b/src/urllib3/poolmanager.py +@@ -34,6 +34,7 @@ SSL_KEYWORDS = ( + "ca_cert_dir", + "ssl_context", + "key_password", ++ "server_hostname", + ) + + # All known keyword arguments that could be provided to the pool manager, its +-- +2.27.0 diff --git a/backport-avoid-socket-leak-if-HTTPSConnection.connect-fails.patch b/backport-avoid-socket-leak-if-HTTPSConnection.connect-fails.patch new file mode 100644 index 0000000000000000000000000000000000000000..0d7dc4ef8c05749ab9b972bf0c15ffbe0ef9d8bf --- /dev/null +++ b/backport-avoid-socket-leak-if-HTTPSConnection.connect-fails.patch @@ -0,0 +1,39 @@ +From c0a182c6300a34cba58b5e80749584d7b621c7dd Mon Sep 17 00:00:00 2001 +From: Seth Michael Larson +Date: Thu, 3 Mar 2022 07:22:18 -0600 +Subject: [PATCH] [1.26] Avoid socket leak if HTTPSConnection.connect() fails + +Co-authored-by: Thomas Grainger + +Conflict:no add testcode +Reference:https://github.com/urllib3/urllib3/commit/c0a182c6300a34cba58b5e80749584d7b621c7dd +--- + src/urllib3/connection.py | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git a/src/urllib3/connection.py b/src/urllib3/connection.py +index 54aac3c..68b63a4 100644 +--- a/src/urllib3/connection.py ++++ b/src/urllib3/connection.py +@@ -355,17 +355,15 @@ class HTTPSConnection(HTTPConnection): + + def connect(self): + # Add certificate verification +- conn = self._new_conn() ++ self.sock = conn = self._new_conn() + hostname = self.host + tls_in_tls = False + + if self._is_using_tunnel(): + if self.tls_in_tls_required: +- conn = self._connect_tls_proxy(hostname, conn) ++ self.sock = conn = self._connect_tls_proxy(hostname, conn) + tls_in_tls = True + +- self.sock = conn +- + # Calls self._set_hostport(), so self.host is + # self._tunnel_host below. + self._tunnel() +-- +2.27.0 diff --git a/backport-strip-leading-zeros-form-ports.patch b/backport-strip-leading-zeros-form-ports.patch new file mode 100644 index 0000000000000000000000000000000000000000..1effc913d40c7cb338e1889fde1c4e8be1d0300d --- /dev/null +++ b/backport-strip-leading-zeros-form-ports.patch @@ -0,0 +1,45 @@ +From 955da4d03eaa6785aef40a34f440a67d736a4793 Mon Sep 17 00:00:00 2001 +From: Seth Michael Larson +Date: Tue, 22 Nov 2022 17:59:57 +0000 +Subject: [PATCH] [1.26] Strip leading zeros from ports + +Co-authored-by: Bastian Venthur +Co-authored-by: Hasan Ramezani + +Conflict:NA +Reference:https://github.com/urllib3/urllib3/commit/955da4d03eaa6785aef40a34f440a67d736a4793 +--- + src/urllib3/util/url.py | 2 +- + test/test_util.py | 4 ++++ + 2 files changed, 5 insertions(+), 1 deletion(-) + +diff --git a/src/urllib3/util/url.py b/src/urllib3/util/url.py +index 81a03da..8964cef 100644 +--- a/src/urllib3/util/url.py ++++ b/src/urllib3/util/url.py +@@ -63,7 +63,7 @@ IPV6_ADDRZ_RE = re.compile("^" + IPV6_ADDRZ_PAT + "$") + BRACELESS_IPV6_ADDRZ_RE = re.compile("^" + IPV6_ADDRZ_PAT[2:-2] + "$") + ZONE_ID_RE = re.compile("(" + ZONE_ID_PAT + r")\]$") + +-_HOST_PORT_PAT = ("^(%s|%s|%s)(?::([0-9]{0,5}))?$") % ( ++_HOST_PORT_PAT = ("^(%s|%s|%s)(?::0*([0-9]{0,5}))?$") % ( + REG_NAME_PAT, + IPV4_PAT, + IPV6_ADDRZ_PAT, +diff --git a/test/test_util.py b/test/test_util.py +index 562c106..f6c8b43 100644 +--- a/test/test_util.py ++++ b/test/test_util.py +@@ -343,6 +343,10 @@ class TestUtil(object): + with pytest.raises(LocationParseError): + parse_url("https://www.google.com:-80/") + ++ def test_parse_url_remove_leading_zeros(self): ++ url = parse_url("https://example.com:0000000000080") ++ assert url.port == 80 ++ + def test_Url_str(self): + U = Url("http", host="google.com") + assert str(U) == U.url +-- +2.27.0 diff --git a/python-urllib3.spec b/python-urllib3.spec index eaeb5b1ac242de6bedd1ca2d0e752decd4e9e6d6..f75270e4ff42157e80e8e0e9ee548f6aac37fe54 100644 --- a/python-urllib3.spec +++ b/python-urllib3.spec @@ -3,7 +3,7 @@ Name: python-%{srcname} Version: 1.26.7 -Release: 3 +Release: 4 Summary: Sanity-friendly HTTP client for Python License: MIT URL: https://urllib3.readthedocs.io @@ -12,6 +12,9 @@ Source1: ssl_match_hostname_py3.py Patch0001: remove_mock.patch Patch6000: backport-CVE-2021-28363.patch +Patch6001: backport-add-server_hostname-to-SSL_KEYWORDS.patch +Patch6002: backport-avoid-socket-leak-if-HTTPSConnection.connect-fails.patch +Patch6003: backport-strip-leading-zeros-form-ports.patch BuildArch: noarch @@ -77,6 +80,9 @@ PYTHONPATH=%{buildroot}%{python3_sitelib}:%{python3_sitelib} %{__python3} -m pyt %{python3_sitelib}/urllib3-*.egg-info %changelog +* Sat Dec 17 2022 chenhaixing - 1.26.7-4 +- DESC:backport some patches + * Tue Aug 09 2022 chenhaixing - 1.26.7-3 - modify RECENT_DATE in python-urllib3.spec to adapt time change